On Wed, 2008-10-29 at 13:06 -0700, Edward Roper wrote:
> Since you mentioned that the system was embedded Linux, see
> http://lartc.org/howto/ in particular Chapter 11. Some combination of
> packet marking and policy routing should get you taken care of.

I tried this, but there isn't any chain between the socket and the routing
decision; the only interesting chain in my case is OUTPUT, but it is
positioned after the routing.... (that's what I've understood, I'm not an
iptables expert!)
These examples are useful if you set up a router/firewall, that is, you use
different routes for the incoming packets that arrive on your main interface
(eth0).

For now I'm more focused on chapter 4 "Routing for multiple
uplinks/providers", using "ssh -b <ppp_ip_address> -CNR ...."
Will post results here in case of success.

[one hour later...]

So, http://lartc.org/howto/lartc.rpdb.multiple-links.html - "4.2.1. Split
access" seems to work well for this purpose: if I run
  ssh -b <ppp_ip_address> <other_options>
the traffic goes through ppp0; if I run
  ssh <other_options>
the traffic goes through eth0.
I will need to do further testing on the real box (I've made tests on my
laptop with an HSDPA modem and eth0), but it looks like I've found the
solution to my problem! :)

The only remaining problem is that I have to use the IP address of the middle
machine instead of its FQDN, otherwise I would have to rely on the DNS
"associated" with eth0. Could be easily fixed by merging the 2 resolv.conf
files, but I'm happy this way for now! ;)

Cheers,
Chris

PS: This is the content of my /etc/ppp/ip-up.d/special-route-for-ppp

#!/bin/sh
#
# When the ppp link comes up, this script is called with the following
# parameters
#    $1 the interface name used by pppd (e.g. ppp3)
#    $2 the tty device name
#    $3 the tty device speed
#    $4 the local IP address for the interface
#    $5 the remote IP address
#    $6 the parameter specified by the 'ipparam' option to pppd
#
#
# iproute/iptable setup for reverse tunnelling ssh through ppp0 only
#
# see http://lartc.org/howto/lartc.rpdb.multiple-links.html
#

IP=/sbin/ip
# Routing table used for ppp traffic; set before the branch so the
# deployment case (pppd passing arguments) gets it too
PPP_TABLE=2

if [ "x$1" = "x" ]; then
    # Debugging on laptop, run me manually:
    # sudo sh -x ./special-route-for-ppp
    PPP_IF=ppp0
    PPP_IP=`${IP} address show dev ${PPP_IF} |sed -ne 's,^.*inet \(.*\) peer.*$,\1,p'`
    PPP_GW=${PPP_IP}
    PPP_NET=`${IP} address show dev ${PPP_IF} |sed -ne 's,^.*peer \(.*\) brd.*$,\1,p'`
else
    # Deployment on arcom zeus board
    PPP_IF=$1
    PPP_GW=$4
    PPP_NET=$5/32
    PPP_IP=$4
fi

# Clean-up the route table
${IP} route flush table ${PPP_TABLE}
${IP} rule del table ${PPP_TABLE}

# Add a specific route table for use with ppp0
${IP} route add ${PPP_NET} dev ${PPP_IF} src ${PPP_IP} table ${PPP_TABLE}
${IP} route add default via ${PPP_GW} table ${PPP_TABLE}
# This should have been done by pppd
# ${IP} route add ${PPP_NET} dev ${PPP_IF} src ${PPP_IP}

# Choose this special route table when connecting from PPP_IP
${IP} rule add from ${PPP_IP} table ${PPP_TABLE}

# Invalidate the cache
${IP} route flush cache

# From now we can run the ssh tunnel, disconnect the ethernet
# plug, and still connect remotely!
# Run ssh tunnel on the embedded system as user targetuser
# MIDUSER=middleuser
# MIDPORT=1234
# MIDIP=1.2.3.4
# ssh -b ${PPP_IP} -CNR $MIDPORT:localhost:22 $MIDUSER@$MIDIP
# connect to the embedded system from internet
# TUSER=targetuser
# MIDPORT=1234
# MIDHOST=1.2.3.4
# ssh -p $MIDPORT $TUSER@$MIDHOST

And this is the content of my /etc/ppp/ip-down.d/special-route-for-ppp

#!/bin/sh
IP=/sbin/ip
PPP_TABLE=2
# Clean-up the route table
${IP} route flush table ${PPP_TABLE}
${IP} rule del table ${PPP_TABLE}

>
> Good luck,
> Ed
>
> Christian Gagneraud wrote:
> >
> > Finally, my problem is that I would like to simply force the reverse
> > tunnel to use only ppp0. And at the same time I need the default route
> > to go through eth0 (that is needed for the main programs running on this
> > box)
> >
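A small check script, added here as an example and not part of Chris's mail or the LARTC HOWTO: it parses the text iproute2 prints (constructed sample output below) to confirm that the `from PPP_IP lookup 2` rule is installed and that a connection sourced from the ppp address really leaves via ppp0, which is what `ssh -b` relies on. Table number 2 and the ppp0/eth0 names follow the scripts above; the addresses are made up.

```shell
#!/bin/sh
# Added example, not from the original mail or the LARTC HOWTO: helpers to
# verify the split-access setup after the ip-up hook has run. They parse
# iproute2 output by field position instead of relying on a trailing 'brd'
# token, which a point-to-point link does not print. All sample values
# (interface, table 2, addresses) are constructed.

# ppp_addrs "<output of: ip address show dev ppp0>" -> "LOCAL PEER"
ppp_addrs() {
    printf '%s\n' "$1" | awk '
        $1 == "inet" && $3 == "peer" { sub(/\/.*/, "", $4); print $2, $4; exit }'
}
# route_dev "<output of: ip route get DST from LOCAL>" -> egress device
route_dev() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}
# rule_present LOCAL TABLE "<output of: ip rule>"
# Succeeds when a 'from LOCAL lookup TABLE' rule is installed.
rule_present() {
    printf '%s\n' "$3" | awk -v src="$1" -v tbl="$2" '
        $2 == "from" && $3 == src && $4 == "lookup" && $5 == tbl { found = 1 }
        END { exit !found }'
}
# policy_route_ok LOCAL TABLE WANT_DEV "<ip rule output>" "<ip route get output>"
# Succeeds when the rule exists and traffic sourced from LOCAL exits via WANT_DEV.
policy_route_ok() {
    rule_present "$1" "$2" "$4" && [ "$(route_dev "$5")" = "$3" ]
}

# Constructed sample output, in the format iproute2 prints for a ppp link.
SAMPLE_ADDR='3: ppp0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    link/ppp
    inet 10.64.64.64 peer 10.0.0.1/32 scope global ppp0'
SAMPLE_RULES='0:      from all lookup local
32765:  from 10.64.64.64 lookup 2
32766:  from all lookup main
32767:  from all lookup default'
SAMPLE_GET='1.2.3.4 from 10.64.64.64 via 10.0.0.1 dev ppp0
    cache'

# On the real box feed in: ip address show dev ppp0; ip rule;
# ip route get <middle_ip> from <ppp_ip>   (all as root, after ip-up ran)
demo() {
    set -- $(ppp_addrs "$SAMPLE_ADDR")
    echo "ppp local=$1 peer=$2"
    policy_route_ok "$1" 2 ppp0 "$SAMPLE_RULES" "$SAMPLE_GET" \
        && echo "ssh -b $1 ... will leave via ppp0" || echo "policy route NOT active"
}
demo
```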